youtube-search-api-skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends YouTube search terms to BrowserAct using a BrowserAct API key and returns structured results.

Install this only if you trust BrowserAct and are comfortable sending YouTube search queries to its API. Set BROWSERACT_API_KEY through an environment variable or secrets manager rather than pasting it into chat, and review queries before running them if they contain sensitive research terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill declares required environment variables and invokes a Python script that calls an external API, but it does not declare corresponding permissions for environment access and network use. This creates a transparency and policy-enforcement gap: an agent or review system may underestimate what the skill can access or transmit, increasing the risk of unintended secret use or outbound data flow.

Vague Triggers

Medium
Confidence: 90%
Finding
The description repeatedly tells the agent to proactively apply the skill across many broad user intents without tight triggering conditions or confirmation requirements. Over-broad auto-invocation can cause the agent to call external services unnecessarily, send user queries to third parties without clear consent, and use stored API credentials in situations the user did not intend.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script explicitly tells the user to provide a BrowserAct API key to the tool or set it in an environment variable, but it gives no warning about credential sensitivity, storage, logging, or scope. In an agent-skill context, prompting users to hand credentials to automation increases the risk of secret exposure to the model, orchestration layer, logs, or other unintended consumers.

VirusTotal

65/65 vendors flagged this skill as clean.
